1 |
On Sun, 2004-09-26 at 23:52, Duncan wrote: |
2 |
> OK, I've been running portage 2.0.51-whatever for several releases, and |
3 |
> it's certainly beginning to shape up nicely! Here are some |
4 |
> comments/questions/suggestions, FWTW.. |
5 |
> |
6 |
> 1) The new "spinner" is /very/ cool! |
7 |
|
8 |
New eye candy? |
9 |
|
10 |
OOh... and how do I view this new whiz-bang feature of portage? |
11 |
|
12 |
*grin* |
13 |
|
14 |
> 2) Documentation is coming alone nicely. |
15 |
> |
16 |
> It's nice to see updated 2.0.51 versions of the various man pages, now. |
17 |
> |
18 |
> I'm seeing a couple things missing still, tho. The main one I noticed was |
19 |
> the portage (5) manpage doesn't list the new /etc/portage/profile yet. |
20 |
> Also, an earlier einfo mentioned /etc/portage/profiles/virtuals while the |
21 |
> new inject depreciated message mentions |
22 |
> /etc/portage/profile/package.provided. I assume these are supposed to |
23 |
> both be the same dir, but don't know whether it's profile or profiles. |
24 |
> Granted, a typo or changed policy is fine, but without documentation |
25 |
> confirming one or the other as right, I'm left guessing. |
26 |
|
27 |
profiles |
28 |
|
29 |
> 3) What about the QA Notices? |
30 |
> |
31 |
> Evidently .51 is rather stricter in some things than .50 and a number of |
32 |
> things are QA Notices now that were silent, before. Are things to the |
33 |
> point where it's worthwhile bugging the various ebuilds that emit these |
34 |
> notices, illegal eclass inheritance and the like, or are there still |
35 |
> enough of them it'd just be unnecessary noise? |
36 |
|
37 |
I think we're getting close to time to start writing bugs for the |
38 |
ebuilds that don't have them already. I would think most of the worst |
39 |
offenders already have bugs. |
40 |
|
41 |
> What about that security notice I've seen pop up a few times? Example: |
42 |
> |
43 |
> QA Notice: Security risk /usr/bin/crontab. Please consider relinking with |
44 |
> 'append-ldflags -Wl,-z,now' to fix. |
45 |
> |
46 |
> What's this mean? What are the implications? How do I do that relinking |
47 |
> if I decide I need to? Can I fix it by enabling a feature in make.conf |
48 |
> or do I run a separate command? Either way, there's not enough info there |
49 |
> to actually DO it, nor do I even have enough info to rightly evaluate the |
50 |
> "security risk"! |
51 |
|
52 |
Actually, that is more a message for the developer. You can perform the |
53 |
same function locally with the LDFLAGS variable in your make.conf, but |
54 |
really the package should be fixed by the developer by adding the |
55 |
"append-ldflags -Wl,-z,now" to the ebuilds, as stated by the emerge |
56 |
process. This has all been since sfperms was added to the default |
57 |
FEATURES. |
58 |
|
59 |
> There's simply not enough there to be anything but a teaser, yet it's |
60 |
> labeled security risk. Someone's being *MEAN* with their teasing! =:^\ |
61 |
|
62 |
Blame solar... if that doesn't work, blame vapier... I'm sure it is his |
63 |
fault somehow... |
64 |
|
65 |
I definitely agree, though. We shouldn't be spewing out "This could |
66 |
allow people to own your box" messages without spewing out "...and |
67 |
here's how to fix it" messages that are just as easy to understand. |
68 |
|
69 |
-- |
70 |
Chris Gianelloni |
71 |
Release Engineering - Operations/QA Manager |
72 |
Games - Developer |
73 |
Gentoo Linux |
74 |
|
75 |
Is your power animal a penguin? |